1. Field of the Invention
The present invention relates to a multi-functional system, a security method, a security program, and a storage medium, and more particularly, to a multi-functional system having a main system and a plurality of sub-systems, a security method, a security program, and a storage medium. The main system prevents intrusion by spoofing of the sub-system.
2. Description of the Background Art
With the spread of network environments, image processing apparatuses such as multi-functional apparatuses, copiers, printers, facsimile machines, and host units such as a plurality of computers may be connected to networks and the image processing apparatuses shared by the host units.
Further, the number of image processing apparatuses and other apparatuses using a plurality of resources has been increasing. For example, a multi-functional system or apparatus may be configured as follows: a main system is connected with a plurality of sub-systems such as an operating system, a sheet feed system, a scanning system, an image forming system, an optical scanning system, a communication system, a post-processing system or the like to configure a multi-functional system as a whole. Each of the sub-systems may be provided with a central processing unit (CPU) of its own to control the sub-system, all under the overall control of a CPU of the main system.
In such multi-functional systems, the sub-system can be easily connected to or disconnected from the main system, and protection of users' personal information stored in the multi-functional system becomes an important issue. For example, in such multi-functional systems, some external devices may pass themselves off as the genuine sub-system (“spoofing”) to falsify software or steal information.
An operating system may be used not only for simply displaying information and operating keys but also conducting advanced or sophisticated image processing function such as a browser function. With market demand, such advanced functions may be implemented by installing and using a general-purpose operating system (OS). However, as the system becomes more advanced while continuing to use a general-purpose OS, countermeasures against attacks from external apparatuses such as falsification are necessary.
Conventionally, an authenticity verification process at the time of activation of one system may be conducted using a Trusted Platform Module (TPM) like that shown in FIG. 1, for example. As shown in FIG. 1, a hash value of a basic I/O system (BIOS) in a platform is verified by TPM, and if its authenticity is confirmed, a hash value of a basic package is verified by TPM. Further, a hash value of an application package is computed using the basic package, and if authenticity is verified by the TPM, the application package can be activated.
In a conventional system such as that disclosed in JP-2007-213246-A, when an application package stored in an external storage medium is to be executed, the application package is executed after verifying the authenticity of the application package. The external storage medium to store the application package also stores medium-specific identification information, and the application package is tied to the medium-specific identification information. A memory stores information indicating whether to allow or disallow an execution of the application package. Specifically, when the external storage medium is connected, it is determined whether the application package in the external storage medium can be executed or not based on the medium-specific identification information and the application package stored in the external storage medium, and the allow/disallow information stored in the memory. If determined to execute the application package, the application package can be executed. The authenticity of the application package stored in the external storage medium is verified to prevent intrusion into a multi-functional system when the application package is to be operated.
However, in the above described conventional technology, to ensure that the security of system is not compromised, the application package, the medium-specific identification information stored in the external storage medium, and the allow/disallow information stored in the memory of the main system are used to verify the authenticity of the application package to determine whether or not to allow execution of the application package. However, the security of the system in such multi-functional system may need to be enhanced further. Further, although the TPM is used for authenticity verification, the security of the multi-functional system in the above described conventional technology may need an enhancement.
As above described, the multi-functional system may include a main system connected to a plurality of sub-systems such as an operating system, an image forming system, a communication system, or the like, and each of the sub-systems can be connected or disconnected to the main system as required. As for such multi-functional system, unauthorized devices may spoof as an authorized sub-system, by which security may be undermined or breached in the form of an intrusion to the multi-functional system, information theft, information falsification, or the like. In the conventional technology, the security of the system may be breached by such spoofing and an intrusion to the system may occur.